Fix audit-policies deployment

tasks/install_server.yml

@@ -133,18 +133,21 @@
 
 - name: Secure etcd directory
   file:
-    path: "/var/lib/etcd"
+    path: "{{ item }}"
     state: directory
     owner: root
     group: root
     mode: 0700
+  with_items:
+    - "/var/lib/etcd"
+    - "/etc/kubernetes/policies"
   when:
     - kubernetes_master|bool
 
 - name: Configure kubelet service
   file:
-    src: "etc/kubernetes/audit-policy.yaml"
+    src: "etc/kubernetes/policies/audit-policy.yaml"
-    dest: "/etc/kubernetes/audit-policy.yaml"
+    dest: "/etc/kubernetes/policies/audit-policy.yaml"
     group: root
     owner: root
     mode: 0644

templates/kubeadm-config.yaml.j2

@@ -80,7 +80,7 @@ apiServer:
   extraArgs:
     enable-admission-plugins: NodeRestriction,PodSecurityPolicy
     authorization-mode: "Node,RBAC"
-    audit-policy-file: "/etc/kubernetes/audit-policy.yaml"
+    audit-policy-file: "/etc/kubernetes/policies/audit-policy.yaml"
     audit-log-path: "/var/log/apiserver/audit.log"
     audit-log-maxage: "30"
     audit-log-maxbackup: "10"
@@ -91,6 +91,11 @@ apiServer:
     mountPath: "/var/log/apiserver"
     readOnly: false
     pathType: DirectoryOrCreate
+  - name: "audit-policies"
+    hostPath: "/etc/kubernetes/policies"
+    mountPath: "/etc/kubernetes/policies"
+    readOnly: false
+    pathType: DirectoryOrCreate
 {% if lb_kubemaster is defined %}
   certSANs:
   - "{{ lb_kubemaster }}"